Key Point: The authentication vulnerability CVE-2026-0257 in Palo Alto Networks PAN-OS is being actively exploited and enables unauthorized VPN access.
Palo Alto Networks warns of active attacks targeting an authentication flaw in PAN-OS and Prisma Access. The security vulnerability CVE-2026-0257 (CVSS 7.8) allows attackers to establish VPN connections without proper authentication.
Palo Alto Networks confirms that attackers are already exploiting the recently disclosed vulnerability CVE-2026-0257 in the wild. The vulnerability affects PAN-OS and the VPN product Prisma Access and is rated with a CVSS score of 7.8.
The core issue lies in an authentication bypass that allows attackers to establish VPN connections without passing through standard authentication mechanisms. This poses an immediate threat, as remote access systems typically serve as trusted gateways into corporate networks.
For CISOs, active exploitation of this vulnerability presents a substantial risk: unauthorized parties could potentially gain direct access to internal infrastructure. The NIS2 Directive requires swift remediation of critical vulnerabilities in essential security measures. Affected systems need to be checked for signs of misuse and updated promptly.
Source: thehackernews.com · Published May 30, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification via Lumi News Pipeline v1.2.0.